Transcript
Claire Aird (0:04)
Hackers steal millions in crypto from AdsPower browser users, Paragon cuts off Italy's access to its spyware platform, France outsources EU border software to Russia, and a UN and NATO hacker is detained in Spain. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 7th of February and this podcast episode is brought to you by Thinkst, the makers of the much loved Thinkst Canary.
A threat actor has compromised crypto wallet browser extensions for the AdsPower browser platform. The attacker added code that stole wallet recovery phrases and private keys from users of the niche browser. The breach took place in January and was detected after three days. AdsPower has removed the code and uninstalled the modified extensions from users' browsers. Blockchain security firm SlowMist estimates that hackers stole around $4.7 million in crypto assets.
In other news, Israeli spyware company Paragon has allegedly cut off Italy's access to its platform in the wake of reports the government there had targeted journalists and activists for surveillance. Italian officials have denied the reports, which claim the government targeted vocal critics of Prime Minister Giorgia Meloni. The hacks were part of a larger attack that hit 13 other EU countries. According to Meta, seven of the alleged targets are from Italy.
The Trump administration has extended its workforce buyout program to employees of CISA, the CIA and NSA. The buyout program allows government workers to retain their pay and benefits until the end of September if they resign this week. The White House has extended the buyout to over 2 million civilian federal workers. CISA employees were told last week they were exempt from the offer because their work is linked to national security.
New US Attorney General Pam Bondi has disbanded a Justice Department task force that investigated foreign influence operations. The unit was set up in 2017 to counter foreign influence operations targeting US elections. The unit's work contributed to charges and sanctions against many Russian organisations involved in info ops and bot farms targeting elections in the US and around the world.
Hackers have leaked documents from 21 Taliban ministries and government agencies. Over 50 gigabytes of data has been published to a website named TalibLeaks. The documents allegedly include the names of political prisoners and the details of government employees banned from leaving the country by the Taliban. The Taliban has confirmed the authenticity of the files.
Deloitte has agreed to pay $5 million to the state of Rhode Island to cover the cost of a recent ransomware attack. The incident took place in December and targeted the state's health and social services portal, a system managed by Deloitte. Rhode Island says the Deloitte payment will be used to cover a call centre for people who've been impacted, credit monitoring and identity protection.
EU investigators have launched an investigation into French IT firm Atos for using staff based in Russia to build the EU's new electronic border system, according to the Financial Times. The new system will house the EU's biggest biometric and personal information database. The European Public Prosecutor's Office is looking for possible FSB involvement in the work at Atos's Russian office.
Spain's national police have detained a suspect for allegedly hacking over 40 organisations. Authorities arrested the suspect last week in the city of Calpe on Spain's Mediterranean coast. Officials say the suspect breached multiple high-level Spanish government agencies, NATO and U.S. Army networks, many private companies and even several dark web forums. He's also the prime suspect behind the hack of the UN civil aviation body earlier this year.
The Chinese cyber contractor behind the widespread compromise of Sophos firewalls in 2020 is in financial trouble, according to an investigation by the blog Natto Thoughts. Sichuan Silence filed for bankruptcy in December, two weeks after the US sanctioned the company and one of its employees. Chinese court documents have also revealed that the sanctioned employee filed a labour dispute against the company in July 2020. Siwa so I guess China is the one place where cybercrime actually doesn't pay.
Hackers are exploiting a zero-day vulnerability in Trimble Cityworks, a platform for managing physical infrastructure such as water and sewage systems. The zero-day deserialization vulnerability can lead to remote code execution and allow hackers to take over the platform. Trimble says the vulnerability has been used to deploy Cobalt Strike implants and custom Rust malware on Cityworks servers.
Germany's cybersecurity agency BSI has discovered multiple vulnerabilities in the Nextcloud file sharing platform that can be used to bypass multi-factor authentication. The BSI has recently conducted security audits of multiple open source projects such as KeePass, Bitwarden and Vaultwarden. Nextcloud has patched all the issues that were reported.
And finally, game studio Bohemia Interactive says it's making progress in mitigating a wave of DDoS attacks that have targeted its games Arma Reforger and DayZ. A Russian hacking group named Star Squad Reborn has taken credit for the attacks in a series of online posts. The group claims it's launching the attacks after the gaming studio failed to invest in its servers for over a decade, leading to poor performance for gamers.
And that is all for this podcast edition. A heads up: the Risky Bulletin is taking a break next week and will return on the 17th of February. Today's show is brought to you by our sponsor, Thinkst, the makers of the much loved Thinkst Canary. Find them at canary.tools. Thanks for your company.
